Do I have your attention? It turns out sudo includes a library (usually /usr/lib/sudo/sudo_noexec.so) that does what my stub library did, but better - it wraps all of glibc's exec and spawn functions with fake ones that do nothing. It was originally put there to prevent shell escapes in editors and such. Not foolproof, but better than nothing.

Code:
$ strings /usr/lib/sudo/sudo_noexec.so
|`3f
__gmon_start__
_init
_fini
_ITM_deregisterTMCloneTable
_ITM_registerTMCloneTable
__cxa_finalize
_Jv_RegisterClasses
execl
__errno_location
execle
execlp
execv
execvp
execvpe
fexecve
posix_spawn
posix_spawnp
libc.so.6
_edata
__bss_start
_end
libsudo_noexec.so
GLIBC_2.2.5
fffff.
fffff.
fffff.
;*3$"

Load it into an application on start, and that application will not be able to run other applications, barring some serious tampering inside its memory space. e.g.

Code:
LD_PRELOAD=/usr/lib/sudo/sudo_noexec.so /usr/lib/firefox/firefox

This alone is not a comprehensive security strategy. But I do think it may have a place as part of one.
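To show how the interposition works, here is a minimal noexec shim written for this page (an added example, not sudo's source and not the poster's stub). It covers the same glibc entry points listed in the strings output above, logs each refused attempt to stderr and fails with EACCES; every exec function is stubbed separately because glibc's execl/execvp variants call an internal execve alias that an LD_PRELOAD override of execve alone would not catch. Build it as a library with `cc -shared -fPIC -o noexec.so noexec.c` and load it with LD_PRELOAD as the post shows; the counter and its accessor are a test hook, not something the real library has.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <spawn.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical minimal noexec shim. Each exec/spawn entry point is replaced by
 * a stub that logs the attempt and refuses it; nothing is ever executed. */

static int blocked_calls;   /* test hook: number of exec attempts refused so far */

static int deny(const char *fn, const char *target) {
    blocked_calls++;
    fprintf(stderr, "noexec: refused %s(\"%s\")\n", fn, target ? target : "?");
    errno = EACCES;         /* same failure a noexec mount or missing +x would give */
    return -1;
}

/* Accessor for the test hook, so a caller can check that the shim fired. */
int noexec_blocked_calls(void) { return blocked_calls; }

/* execl family: variadic; the argument list is never read because we never exec. */
int execl(const char *p, const char *a, ...)  { (void)a; return deny("execl", p); }
int execlp(const char *f, const char *a, ...) { (void)a; return deny("execlp", f); }
int execle(const char *p, const char *a, ...) { (void)a; return deny("execle", p); }

/* execv family, including the GNU execvpe and the fd-based fexecve. */
int execv(const char *p, char *const argv[])  { (void)argv; return deny("execv", p); }
int execvp(const char *f, char *const argv[]) { (void)argv; return deny("execvp", f); }
int execve(const char *p, char *const argv[], char *const envp[]) {
    (void)argv; (void)envp; return deny("execve", p);
}
int execvpe(const char *f, char *const argv[], char *const envp[]) {
    (void)argv; (void)envp; return deny("execvpe", f);
}
int fexecve(int fd, char *const argv[], char *const envp[]) {
    char b[32]; (void)argv; (void)envp;
    snprintf(b, sizeof b, "fd %d", fd); return deny("fexecve", b);
}

/* posix_spawn reports failure by returning the error number, not via errno. */
int posix_spawn(pid_t *pid, const char *path, const posix_spawn_file_actions_t *fa,
                const posix_spawnattr_t *at, char *const argv[], char *const envp[]) {
    (void)pid; (void)fa; (void)at; (void)argv; (void)envp;
    deny("posix_spawn", path); return EACCES;
}
int posix_spawnp(pid_t *pid, const char *file, const posix_spawn_file_actions_t *fa,
                 const posix_spawnattr_t *at, char *const argv[], char *const envp[]) {
    (void)pid; (void)fa; (void)at; (void)argv; (void)envp;
    deny("posix_spawnp", file); return EACCES;
}
```

Because the stubs only interpose on the libc symbols, anything that bypasses libc (the "serious tampering" the post mentions) is out of scope for this technique, which is why it belongs alongside, not instead of, a proper sandbox.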
If I understand it correctly, it's good to know they take precautions against a possible privilege escalation scenario.